The Friday Tech Takeaway - 13.10.17

Tracking friends and strangers using WhatsApp: What seems to be a useful feature within WhatsApp can easily be used to understand your friends and their behaviour in a whole new light. This does involve some investment on your part and checking your phone constantly. You might also want to question whether your friends are tracking you! https://robertheaton.com/2017/10/09/tracking-friends-and-strangers-using-whatsapp/

Kaspersky Lab and the AV security hole: With Moscow-based Kaspersky Lab under the gun for its software reportedly helping Russian cyber-spies steal classified US data, some security experts say the same thing could have been pulled off using any other antivirus software, and without any vendor participation. https://goo.gl/vrbTzP

Equifax now faces potential breach of customer help page: The embattled credit-monitoring company has a credit report assistance link on its help page that will direct users to download a bogus Adobe Flash software update, according to an Ars Technica post. https://goo.gl/DMYdDb

Olympic Games face greater cybersecurity risks: The Olympic Games are likely to face far more serious and complex cyberattacks in the coming years, according to a report released this week by the UC Berkeley Center for Long-Term Cybersecurity (CLTC). https://goo.gl/38CTN5

iOS Privacy: steal.password – want a user's Apple ID password? Just ask! Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely, they'll probably hand over their credentials, as they're trained to do. https://goo.gl/6jcz9L

Forrester says hackers stole sensitive reports: Forrester, one of the world's leading market research and investment advisory firms, has admitted to a security breach that took place during the past week. The company says that a yet-to-be-identified attacker (or attackers) gained access to the infrastructure hosting its website, Forrester.com. https://goo.gl/ESw7eo

Hyatt Hotels suffers second payment card breach in two years: According to Hyatt, crooks planted malware on payment systems at certain hotels to harvest data from credit cards that guests physically entered or swiped at some hotel front desks between March 18, 2017 and July 2, 2017. https://goo.gl/PvVdiJ

Akamai shared a detailed analysis of a Fast Flux Botnet composed of 14K IPs: Experts at Akamai have identified a running botnet of over 14,000 compromised systems used to spread malware. The botmasters implemented a technique dubbed Fast Flux to make the infrastructure hard to take down. https://goo.gl/674QAG

ASD revealed hacker stole 30GB of sensitive data on Australia’s military capabilities: Australia’s foreign intelligence agency, the Australian Signals Directorate (ASD), admitted a hacker has stolen over 30 GB of military documents. Stolen data includes details on fighter jets, military aircraft, and naval ships. https://goo.gl/Cfku2v

DDoS attacks cause train delays across Sweden: The first attack hit the Sweden Transport Administration (Trafikverket) on Wednesday. According to local press, the attack brought down the IT system that manages train orders. The agency had to stop or delay trains during the attack. https://goo.gl/Ee87tK

Unpatched exploit lets you clone key fobs and open Subarus: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability that the vendor has not patched and that could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. https://goo.gl/LXwm6E

Accenture leaks data in public Amazon S3 bucket: Another tech giant has fallen victim to an embarrassing data leak. This time the leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. The incident exposed internal Accenture private keys, secret API data, and other information, a gift for attackers who want to target the firm or its clients. http://securityaffairs.co/wordpress/64150/data-breach/accenture-data-leak.html